CVE-2021-28144
D-Link DIR-3060 1.11b04 Command Injection
- Severity Score: 8.8 (CVSS v3.1)
- Exploit Likelihood (EPSS)
- Affected Versions (CPE)
- Public Exploits: 2 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote authenticated users to inject arbitrary commands in an admin or root context because SetVirtualServerSettings calls CheckArpTables, which calls popen unsafely.
The prog.cgi file on D-Link DIR-3060 devices in versions prior to 1.11b04 HF2 allows remote authenticated users to inject arbitrary commands in an administrator or root context because the SetVirtualServerSettings function calls CheckArpTables, which calls popen in an unsafe manner.
D-Link DIR-3060 versions 1.11b04 and below suffer from an authenticated command injection vulnerability.
Credits: N/A
CVSS Scores
- CVSS v3.1 metrics: Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, Confidentiality, Integrity, Availability
- CVSS v2 metrics: Attack Vector, Attack Complexity, Authentication, Confidentiality, Integrity, Availability
* Common Vulnerability Scoring System
SSVC
- Decision: -
- Exploitation
- Automatable
- Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-03-11 CVE Reserved
- 2021-03-11 CVE Published
- 2024-07-14 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- (no date) Exploited in Wild
- (no date) KEV Due Date
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (4)
URL | Tag | Date |
---|---|---|
http://seclists.org/fulldisclosure/2021/Mar/23 | Mailing List | |
http://packetstormsecurity.com/files/161757/D-Link-DIR-3060-1.11b04-Command-Injection.html | | 2024-08-03 |
https://www.iot-inspector.com/blog/advisory-d-link-dir-3060 | | 2024-08-03 |
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10208 | | 2022-06-28 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Dlink | Dir-3060 Firmware | <= 1.11b04 | - | Affected |
in: Dlink | Dir-3060 | - | - | Safe |